By Woody Leonhard/Windows Secrets Newsletter
Microsoft’s newly released beta version of Windows Defender Offline, a rootkit-sniffing and Windows-rehabilitation tool, should be the latest addition to your bag of Windows-repair tricks.
WDO should be able to catch a wide variety of nasties that evade detection by more traditional antivirus methods.
Although the name’s been around for years, don’t confuse this new version of WDO with previous incarnations — it’s a whole new animal and helps PC users in two very different situations:
1. Windows won’t boot: You can boot your machine with a WDO CD or USB drive, and WDO will perform a detailed malware scan.
2. You suspect you have a rootkit: WDO can scan your system and remove many different kinds of rootkits.
Oddly, Microsoft has been uncharacteristically mum about Windows Defender Offline. If there are any published technical details about the program — what it does or how it works — I haven’t found them. With a bit of reading between the lines, here’s what I can say:
WDO is almost identical to an earlier product called Microsoft Standalone System Sweeper. Microsoft released the beta version of MSSS in May. (Susan Bradley’s July 28 Top Story talked about MSSS.) The size of the program hasn’t changed. The format of the signature files appears to be identical. The earlier product doesn’t mention Windows 8, but WDO most definitely does run on Win8 Developer Preview.
As best I can tell, WDO uses the same signature files used by Microsoft Security Essentials (MSE). However, I know of one instance where a piece of malware was not caught by MSE but did trigger a WDO response. I have no idea why.
This post is excerpted with permission from Windows Secrets.
